TouchNet Information Systems, Inc. Safe Harbor Privacy Statement

This privacy statement applies to www.touchnet.com, Client Community, and U.Commerce Suite, Mobile websites, and Mobile Application (Sites) owned and operated by TouchNet Information Systems, Inc. ("TouchNet", “We”, “Us” or “Our”). This Statement describes how TouchNet collects, uses, and discloses certain personal information that identifies or can be used to identify (together with other information) a living individual that it receives in the United States from European Union member countries and Switzerland ("Personal Data") whether (A) such Personal Data is acquired from persons accessing and/or browsing TouchNet's Sites ("Browser Users") or (B) by receipt from or access to data residing on servers of clients of TouchNet with whom TouchNet has one or more contractual relationships under which TouchNet-authored software processes the data of such clients ("Business Clients"), including the Personal Data of the personnel of such Business Clients ("Business Client Personnel") and the Personal Data of customers of such Business Clients ("Secondary Users"). For purposes of this policy, Browser Users, Secondary Users, and Business Client Personnel will be referred to collectively as "End Users." Personal Data does not include information that is anonymized or aggregated. In particular, TouchNet recognizes that the European Union and Switzerland have established strict protections regarding the handling of Personal Data, and TouchNet therefore has elected to adhere to the US-EU and US-Swiss Safe Harbor Privacy Principles (the "Safe Harbor") with respect to such Personal Data that it receives in the United States from the EU or Switzerland. For further background and information about the Safe Harbor, and to see TouchNet's representation on the Safe Harbor List, please refer to the U.S. Department of Commerce's website at www.export.gov/safeharbor.

Business Clients

TouchNet may obtain various types of Personal Data about TouchNet's Business Clients and the personnel of each of them. Such data may include contact information (names, school names, employer names, business addresses, phone and fax numbers, and email addresses); information about products and services ordered or provided; financial and payment information; user IDs, passwords, information collected through Internet-based activities, and other transaction-related data.

TouchNet may use these types of Personal Data for business purposes, including to deliver or provide services; to establish or maintain client and business relationships; to deliver marketing or newsletter communications; to provide access to Internet-based activities; to perform accounting functions; and to conduct other activities as necessary or appropriate in connection with the servicing and development of the business relationship.

TouchNet's Business Clients may contact us if any of their Personal Data changes, or if they would like to access and correct or delete inaccuracies within the Personal Data that TouchNet maintains about them or about their customers (Secondary Users). TouchNet will respond within thirty (30) days to individual requests to access by Business Clients.

TouchNet Bill+Payment Suite

Secondary Users who sign up for TouchNet's Bill+Payment Suite will be asked to furnish their name, email address, mobile number, and carrier. TouchNet, on behalf of each Secondary User's Related Institution, will use this information to create an account for each such Secondary User so that such Secondary User may make payments to his/her Related Institution directly. For purposes hereof, when referring to the Personal Data of a Secondary User that is obtained by TouchNet on behalf of one of TouchNet's Business Clients, that Business Client will be referred to as such Secondary User's Related Institution. Thus, the entity, when referenced in connection with its relationship with TouchNet, is referred to as a Business Client, but when referred to in connection with such entity's relationship with its End Users, will be referred to as such Secondary User's "Related Institution." Each Secondary User who provides TouchNet with his/her mobile number will be sent text messages about new bills and upcoming payments, provided the Secondary User's Related Institution has not opted to disable this functionality. Regardless, each Secondary User may opt out of receiving these types of communications at any time by updating their user profile. If enabled by the Secondary User's Related Institution, Secondary Users also have the ability to store their credit card or checking account information on the TouchNet Website so that Secondary Users do not need to enter such information every time they log in to make a payment. Provided the Secondary User's Related Institution has not disabled this functionality, Secondary Users wishing to delete or update their personal or financial information may do so at any time by logging into their respective accounts and updating their user profile. Provided the Secondary User's Related Business Client has not disabled this functionality, Secondary Users may add authorized users to their account. Secondary Users wishing to do so will need to furnish to TouchNet such person's email address. Thereafter, the Secondary User is then able to set permissions for such authorized person as far as what such person is allowed to see within the Secondary User's account. Secondary Users may deactivate authorized users at any time by updating the Secondary User's profile.

TouchNet Marketplace uStores

End Users who sign up for TouchNet Marketplace uStores will be asked to furnish their names, email addresses, and mailing addresses. TouchNet will also ask Secondary Users to create a username and password so that such End Users may access the site at anytime, subject to limitations (if any) imposed by such Business Client. TouchNet uses this information for the sole purpose of allowing such End User to create an account and make purchases. Nothing stated herein, however, limits or restricts what a Business Client may do with such Personal Data. For limitations (if any) on the Personal Data applicable to the Business Client, End Users are directed to each Business Client.

In each instance in which TouchNet obtains access to Personal Data Information about End Users, TouchNet is acting as a mere data processor on behalf of its Business Clients, and TouchNet therefore handles such Personal Data strictly in accordance with such Business Client's instructions and pursuant to TouchNet's contractual arrangements with them. Accordingly, at all times, with respect to each End User, such End User's Personal Data will always be subject to disclosure to the Business Client. End Users with an existing relationship with one of TouchNet's Business Clients should refer to such Business Client's website to understand the privacy practices that apply to Personal Data that TouchNet may maintain about such End Users. Moreover, End Users wishing to access and review their Personal Data should contact their Related Institution (which is TouchNet's Business Client) with any such requests. TouchNet will cooperate as appropriate with requests from TouchNet's Business Clients to assist with such responses. End Users with a registered account wishing to change, update, or delete inaccuracies within their Personal Data within this section of the TouchNet Website may also do so by logging into their account, selecting "My Account," and clicking the information link to be changed, deleted, or updated.

Client Community

Personnel affiliated with TouchNet's Business Clients ("Business Client Personnel") are entitled to use the TouchNet Client Community. TouchNet will request such Business Client Personnel's name and email address.

Business Client Personnel who use a bulletin board or forum on the TouchNet Website should be aware that any Personal Data you submit there can be read, collected, or used by other users of these forums, and could be used to send unsolicited messages. TouchNet is not responsible for the Personal Data Business Client Personnel choose to submit in these forums. To request removal of your Personal Data from our bulletin board or forum, contact us at privacy@touchnet.com. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.

Contact Us

If you choose to use TouchNet's "contact us" form on the TouchNet Website, TouchNet will collect users' names, email addresses and phone numbers. TouchNet uses this information for the sole purpose of responding to the user's request.

Information Sharing

TouchNet is a third party service provider that furnishes users a payment platform. TouchNet furnishes, through its Business Clients, this payment platform to Secondary Users. The information collected within this platform is governed primarily by the privacy policies of TouchNet's Business Clients, but also by TouchNet's privacy statement.

TouchNet reserves the right to disclose Personal Data as required by law and when TouchNet believes that disclosure is necessary to protect its rights and/or comply with a judicial proceeding or court order.

TouchNet may disclose Personal Data to Business Clients and subcontractors as necessary in connection with the performance of requested services or solutions or as otherwise appropriate in connection with a legitimate business need. TouchNet may also disclose US and Personal Data as necessary in connection with the sale or transfer of all or part of its business. In these situations, TouchNet will require the recipient of the data to protect the data in accordance with the relevant principles in the Safe Harbor, or otherwise take steps to ensure that the Personal Data is appropriately protected. You will be notified via email and/or a prominent notice on our web site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

Co-Branded Sites

Much of TouchNet's business involves Web-enabling of the functionality of its Business ERP and other business computer applications and enabling e-commerce functionality for its Business Clients. In that way, certain Websites may have the appearance of a TouchNet site, when, in fact, the data gathered thereunder, including Personal Data, is controlled not by TouchNet, but rather by TouchNet's Business Clients. To the extent TouchNet collects and stores Personal Data on behalf of Business Clients, TouchNet will maintain such data in accordance with policy and its agreements with its Business Clients. Secondary Users should be aware that all such TouchNet-gathered data is open to inspection and use by its Business Clients; however, TouchNet will make the Personal Data of a Secondary User available, not to all TouchNet Business Clients, but rather only to the TouchNet Client that constitutes the particular Secondary User's Related Institution. It is therefore important for Secondary Users to be familiar both with TouchNet's policy and such Business User's Related Institution's policy.

Cookies and other Tracking Technologies

As is true of most web sites, we gather certain information automatically through cookies, tags, and scripts and store it in log files and data repositories. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users' movements around the site and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to Personal Data. The use of such information gathering by Business Clients is not covered by TouchNet's privacy statement.

We use cookies to make it easier for Secondary Users to navigate the TouchNet sites (e.g. for shopping cart, to remember users’ settings, and authentication). Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our web site, but your ability to use some features or areas of our site may be limited.

The use of cookies, beacons, tags, and scripts by third parties, including TouchNet's Business Clients, is not covered by TouchNet's privacy statement. TouchNet does not have access or control over these.

Email Communications

When Secondary Users and/or Business Client Personnel sign up for the various services offered on TouchNet authored and/or controlled Websites, such users are automatically opted-in to receive marketing emails. Such users may at any time unsubscribe from receiving these types of email communications by following the unsubscribe instructions within each email communication.

Service-Related Announcements

TouchNet may send Business Client Personnel service-related announcements and TouchNet's Business Clients, using TouchNet-authored software and may send similar announcements to Secondary Users when it is necessary to do so. For instance, if TouchNet's service or the service offered by a TouchNet Business Client is temporarily suspended for maintenance, TouchNet and/or its Business Client might send Secondary Users an email notification.

Generally, End Users may not opt-out of these communications, which are not promotional in nature.

Customer Service

When appropriate, TouchNet and/or its Business Client, as applicable, will communicate with End Users in response to their inquiries, to provide the relevant services, and to manage such users' accounts. TouchNet and/or its Business Clients will ordinarily communicate with Business Client Personnel or Secondary Users, as the case may be, by email or telephone, in accordance with the expressed wishes of such End Users.

Links to Other Sites

If, while on a TouchNet Site, the End User clicks on a link to a third party site, such user will leave TouchNet’s Site and go to the selected site. Because TouchNet cannot control the activities of third parties, TouchNet cannot and does not accept responsibility for any use of any person's Personal Data by such third parties, and TouchNet cannot and does not guarantee that such third parties will adhere to the same privacy practices as does TouchNet or as do TouchNet's Business Clients. End Users are encouraged to review the privacy statements of any other service provider from whom services are requested.

Social Media

Our website includes social media features, such as Twitter and LinkedIn buttons. These third party sites may collect information such as your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on Our website. Your interactions with these features are governed by the privacy statement of the company providing it.

Data Security and Integrity

TouchNet utilizes hosting centers that store and process Personal Data in various locations in the United States. TouchNet takes reasonable precautions to protect Personal Data in these centers and in other locations in the United States from loss, misuse and unauthorized access, disclosure, alteration, and destruction. TouchNet also makes reasonable efforts to keep Personal Data reliable for its intended use, accurate, current, and complete.

The security of individuals' personal information is important to TouchNet. When sensitive information (such as a credit card number or username and password) is entered on our site, TouchNet encrypts that information during transmission using transport layer security (TLS) technology.

TouchNet uses commercially reasonable efforts to follow generally-accepted industry standards to protect the Personal Data submitted or otherwise furnished to or accessed by TouchNet both during transmission and once received. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although TouchNet strives to use commercially acceptable means to protect Personal Data, neither TouchNet nor anyone else can guarantee its absolute security.

If there are any questions about security, individuals are invited to contact TouchNet at privacy@touchnet.com.

We will use Personal Data only for the purpose for which it was first collected or subsequently authorized by the individual or for other compatible purposes.

We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete and current.

Retention

We will retain our Business Clients’ and End Users' Personal Data we process on behalf of our Business Clients for as long as the account is active or as needed to provide services to our Business Clients and their End Users. TouchNet will retain these Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Enforcement

We will conduct compliance audits of its relevant privacy practices to verify compliance with this Safe Harbor Policy.

Any TouchNet employee that we determine has acted in violation of this Safe Harbor Policy will be subject to disciplinary action up to and including termination of employment.

Questions

Persons with questions about this Safe Harbor Privacy Statement, or persons wishing to request access to Personal Data that TouchNet maintains, are invited to contact TouchNet as follows:

TouchNet has received TRUSTe's Privacy Seal signifying that this privacy statement and our practices have been reviewed for compliance with the TRUSTe program viewable on the validation page available by clicking the TRUSTe seal. The TRUSTe program covers only information that is collected through the TouchNet Sites. The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged TouchNet. If you have any complaints regarding our compliance with the Safe Harbor you should first contact us (as provided above). If contacting us does not resolve your complaint, you may raise your complaint with TRUSTe by Internet here, fax to 415-520-3420, or mail to TRUSTe Safe Harbor Compliance Dept., click for mailing address. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about TRUSTe or the operation of TRUSTe's dispute resolution process, click here or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process shall be conducted in English.

TouchNet complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. TouchNet has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view TouchNet's certification, please visit http://www.export.gov/safeharbor/.

Changes in this Privacy Statement or Our Privacy Practices

If we decide to change our privacy statement or practices, we will post those changes to this privacy statement, the home page, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.